opensource/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-03-13 09:00:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/adpcm: fix integer overflow in N64

Browse Source 
Fixes: signed integer overflow: 1077919680 + 1077936128 cannot be represented in type 'int'
Fixes: 471686763/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_N64_DEC_fuzzer-6493712281829376

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-02-14 01:32:40 +01:00
parent 92f8dd1ea1
commit 0c7e0ed35b
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/adpcm.c
View File

@@ -2688,7 +2688,8 @@ static int adpcm_decode_frame(AVCodecContext *avctx, AVFrame *frame,
int16_t *sf_out = &out[j*8];
for (int i = 0; i < 8; i++) {
int sample, delta = 0;
int sample;
unsigned delta = 0;
for (int o = 0; o < order; o++)
delta += coefs[o*8 + i] * hist[(8 - order) + o];
@@ -2699,7 +2700,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, AVFrame *frame,
}
sample = sf_codes[i] * 2048;
sample = (sample + delta) / 2048;
sample = (int)(sample + delta) / 2048;
sample = av_clip_int16(sample);
sf_out[i] = sample;
}